
show crypto-local isakmp

show crypto-local isakmp

allow-via-subnet-routes

ca-certificate

certificate-group

disable-aggressive-mode

disable-ipcomp

dpd

key [peer <peer-ip> | fqdn <ike-id-fqdn>]

server-certificate

xauth

Descriptions

This command displays Internet Key Exchange (IKE) parameters for the Internet Security Association and Key Management Protocol (ISAKMP).

Syntax

Parameter

Description

allow-via-subnet-routes

Shows if the Mobility Master is configured to accept subnet routes from VIA clients.

ca-certificate

Shows all the Certificate Authority (CA) certificates associated with VPN clients.

certificate-group

Shows the existing certificate groups by server certificate name and CA certificate.

disable-aggressive-mode

Shows if aggressive-mode is enabled or disabled.

disable-ipcomp

Shows IP compression configuration.

dpd

Shows the IKE Dead Peer Detection (DPD) configuration on the managed device.

key [fqdn <ike-id-fqdn> | peer <peer-ip>]

Shows the IKE pre-shared key on the managed device for site-to-site VPN. This includes keys configured by Fully Qualified Domain Name (FQDN) and local and global keys configured by IP address.

server-certificate

Shows all the IKE server certificates used to authenticate the managed device for VPN clients.

xauth

Shows the IKE XAuth configuration for VPN clients.

Usage Guidelines

Use the show crypto-local isakmp command to view IKE parameters.

Examples

The examples here show sample output for the show crypto-local isakmp ca-certificate, show crypto-local isakmp certificate-group, show crypto-local isakmp dpd, show crypto-local isakmp key, show crypto-local isakmp server-certificate, and show crypto-local isakmp xauth commands:

 

(host) [mynode] #show crypto-local isakmp ca-certificate

ISAKMP CA Certificates
-----------------------
CA certificate name  Client-VPN  # of Site-Site-Maps
-------------------  ----------  -------------------
Aruba-Factory-CA     Y           0

(host) [mynode] #show crypto-local isakmp certificate-group

ISAKMP Certificate Groups
--------------------------
Server certificate name  CA certificate name
-----------------------  -------------------

(host) [mynode] #show crypto-local isakmp dpd

DPD is Enabled: Idle-timeout = 22 seconds, Retry-timeout = 2 seconds, Retry-attempts = 3

(host) [mynode] #show crypto-local isa

ISAKMP Local Pre-Shared keys configured for ANY FQDN
-----------------------------------------------------
Key
---

ISAKMP Local Pre-Shared keys configured by FQDN
------------------------------------------------
FQDN of the host    Key
----------------    ---
servers.mycorp.com  ********

ISAKMP Local Pre-Shared keys configured by Address
---------------------------------------------------
IP address of the host  Subnet Mask Length  Key
----------------------  ------------------  ---
10.4.62.10              32                  ********

ISAKMP Global Pre-Shared keys configured by Address
----------------------------------------------------
IP address of the host  Subnet Mask Length  Key
----------------------  ------------------  ---
0.0.0.0                 0                   ********

(host) [mynode] #show crypto-local isakmp server-certificate

ISAKMP Server Certificates
---------------------------
Server certificate name          Client-VPN  # of Site-Site-Maps
-----------------------          ----------  -------------------
Aruba-Factory-Server-Cert-Chain  RAP-only    0

(host) [mynode] #show crypto-local isakmp xauth

IKE XAuth Enabled.
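
A check a reviewer might run on the pre-shared key tables shown above, as an added example that is not part of the ArubaOS documentation: it parses the output and lists the keys that are not bound to a single peer (a key for ANY FQDN, or an address entry whose mask is shorter than a host mask). The function names and the sample text are constructed here, and the table layout is assumed to match the sample output on this page.

```python
import ipaddress
import re
# Constructed sample, laid out like the pre-shared key tables in the Examples section.
SAMPLE = """\
ISAKMP Local Pre-Shared keys configured for ANY FQDN
-----------------------------------------------------
Key
---
ISAKMP Local Pre-Shared keys configured by FQDN
------------------------------------------------
FQDN of the host    Key
----------------    ---
servers.mycorp.com  ********
ISAKMP Local Pre-Shared keys configured by Address
---------------------------------------------------
IP address of the host  Subnet Mask Length  Key
----------------------  ------------------  ---
10.4.62.10              32                  ********
ISAKMP Global Pre-Shared keys configured by Address
----------------------------------------------------
IP address of the host  Subnet Mask Length  Key
----------------------  ------------------  ---
0.0.0.0                 0                   ********
"""
# Table title suffix -> (kind, number of columns in a data row).
KINDS = {"for ANY FQDN": ("any-fqdn", 1), "by FQDN": ("fqdn", 2), "by Address": ("address", 3)}
TITLE = re.compile(r"^ISAKMP (Local|Global) Pre-Shared keys configured (%s)$" % "|".join(KINDS))

def parse_keys(text):
    """Return one dict per key row: scope (local/global), kind, peer, mask length."""
    rows, scope, kind, ncols, header_seen = [], None, None, 0, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = TITLE.match(line)
        if m:
            scope, (kind, ncols), header_seen = m.group(1).lower(), KINDS[m.group(2)], False
        elif kind is None or set(line) <= set("- "):
            continue  # text before the first table, blank lines, dashed rules
        elif not header_seen:
            header_seen = True  # first text line after a title is the column header
        else:
            cols = line.split()
            if len(cols) == ncols:  # rows that do not fit the table are ignored
                rows.append({"scope": scope, "kind": kind, "peer": cols[0] if ncols > 1 else "*",
                             "mask": int(cols[1]) if ncols == 3 else None})
    return rows

def broad_keys(rows):
    """Keys not bound to one peer: ANY-FQDN keys and masks shorter than a host mask."""
    return [r for r in rows if r["kind"] == "any-fqdn" or (r["kind"] == "address"
            and r["mask"] < ipaddress.ip_address(r["peer"]).max_prefixlen)]
```

The key column is masked in the command output, so the check works from scope alone and never handles key material.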

Related Commands

Command

Description

crypto-local isakmp allow-via-subnet-routes

Use this command to push subnet routes to the Mobility Master and managed device.

crypto-local isakmp ca-certificate

Use this command to assign the Certificate Authority (CA) certificate used to authenticate VPN clients.

crypto-local isakmp certificate-group

Use this command to assign a certificate group so you can access multiple types of certificates on the same managed device.

crypto-local isakmp disable-aggressive-mode

Use this command to disable the IKEv1 aggressive mode.

crypto-local isakmp dpd

Use this command to configure IKE Dead Peer Detection (DPD) on the managed device.

crypto-local isakmp key

Use this command to configure the IKE preshared key on the managed device for site-to-site VPN.

crypto-local isakmp server-certificate

Use this command to assign the server certificate used to authenticate the managed device for VPN clients.

crypto-local isakmp xauth

Use this command to enable the IKE XAuth for VPN clients.

Command History

Release

Modification

ArubaOS 8.0.1.0

The allow-via-subnet-routes subcommand was introduced.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms: All platforms

License: Base operating system.

Command Mode: Enable and Config mode on Mobility Master.
